[j-nsp] J series users bitten by the massive memory useincrease with flow mode add, please file jtac cases.

Chris Whyte cwhyte at juniper.net
Thu Jul 22 15:59:56 EDT 2010


I understand. I was specifically addressing the high-level comment/concern
that Juniper might do the same (ie implement flow mode) on M/MX/T series.
SRX serves this purpose. That's all.

My concern is that not everyone seems to understand the high-level decisions
behind architecture, product and feature direction. I personally find it
difficult that anyone can understand specific details without understanding
these fundamental decisions first. Hence I was just trying to chime in with
that type of information. By injecting some of this commentary it is also
likely that the decision makers at certain BUs at Juniper will see some of
your concerns first hand. My intention is a positive one. I promise you. :-)

Another way to look at it: It's akin to understanding the why Juniper chose
the one OS architectural approach vs Cisco choosing the N x OS architectural
approach. Why choose a vendor until you fully understand the benefits of
their architectural decisions?

Thanks, Chris


On 7/22/10 12:36 PM, "Amos Rosenboim" <amos at oasis-tech.net> wrote:

> Chris,
> 
> The discussion is about J series routers, not SRXs.
> The J series are marketed as routers not security devices and turning
> them to security devices all of a sudden is a decision I still don't
> understand.
> 
> If you want to open a discussion about SRX we can do that.
> I have no experience with the high end SRXs but a lot of experience
> with the lower end SRX devices (210-650) and I can honestly say that I
> consider them to be the worst piece of networking/security hardware I
> ever worked with.
> 
> The software quality for these devices is catastrophic, including many
> stability related bugs which crashed devices time after time.
> The logging of the devices is so inconvenient and also affect
> performance significantly, to a level where logging advised by JTAC
> killed a device.
> I heard this not only from colleagues but also from advanced JTAC
> engineers.
> It came to a point where my company stopped selling SRX devices and
> talking to the local distributer I understand that the overall Juniper
> security sales (in our small country) declined significantly.
> 
> It's important to mention that I'm a big Juniper fan (especially for
> the Junos line of products), and I'm not looking to flame the product
> for nothing.
> 
> Regards
> 
> Amos
> 
> 
> On Jul 22, 2010, at 9:49 PM, Chris Whyte wrote:
> 
>>> IMO Juniper has royally screwed up in the small router/CPE market.
>>> One can hope that they won't perform similar stunts on the M/MX/T
>>> series.
>>> 
>> 
>> There's absolutely no reason why this would be considered. The fact
>> that you
>> would make that statement leads me to believe that people might not
>> understand why the SRX product line was created in the first place.
>> 
>> The entire SRX product line (branch and high-end) covers the
>> performance
>> spectrum across M and MX series but were created specifically as
>> purpose-built security devices and therefore should be implemented
>> as such.
>> In addition, in order to do high-end processing of (stateful) flows
>> you need
>> dedicated and specific hw to achieve desired performance. That hw
>> doesn't
>> exist on MX and T series. It only exists on high-end SRX (ie SPUs).
>> 
>> Thanks, Chris
>> 
>> 
>> 
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 




More information about the juniper-nsp mailing list